Gmail has a serious safety vulnerability without passwords, you can also enter the mailbox.
[CCID News] According to the NANA of Israel News website, Google's Web-based email service Gmail has a serious security vulnerability. The vulnerability allows intruders to successfully access all accounts without knowing the user account password.
According to the website, hackers can steal users' "cookie" files through a 16-encycloped XSS link. Then, hackers can use this file to disguise into original login users, so that the account is successfully invaded, and even if the user changes the account password after exiting the mailbox, the hacker can still use this "cookie" file to successfully invade the user mailbox.
Under a guidance of Israel hackers, Nana website reporters and local security company Aladdin Knowledge witnessed this attack fact.
According to informed people, it has been attacked by a small number of users so far. Google said that the company is developing a corresponding patch.
Google announced on April 1 this year, will provide Gmail email service, because the service's mailbox capacity is up to 1G, there is a moment of sensation in the industry.
But so far, the service is still in the test phase, and only the invitation from the current user can register the Gmail account. But Google did not reveal how much test users (K99) currently have.
